Privacy Policy

1. Controller

This Policy applies to any personal data processing (use) by the company Odeja d.o.o. (controller) or performed on behalf of the controller.

Odeja d.o.o. safeguards your personal data by acting in accordance with the regulation and legislation (basis: Personal Data Protection Act – ZVOP-2, Official Gazette of the Republic of Slovenia, no. 136/22, and General Data Protection Regulation – GDPR, effective date 25 May 2018).

The controller of personal data, as defined by the EU General Data Protection Regulation and applicable legislation governing personal data protection (GDPR), is:

Odeja d.o.o.
Kidričeva 80
Škofja Loka
Slovenia
Registration number: 2274914000
Telephone no.: +386 4/51-30-150
Email: info@odeja.si

The controller can be reached by email at eprodaja@odeja.si or by telephone at 04 51 30 155 (Monday to Friday, 8 am to 4 pm).

 

2. Which personal data do we process

  • basic contact information (name, phone no, email address);
  • data on our website usage (clicks on links, time on site) and data regarding responses to our e-mail messages (whether the message was opened, which links you clicked);
  • information needed for the performance of the contract and delivery of purchased goods (products purchased, price, delivery address, time of delivery, payment method, payment date, information on warranty claims, information on issued invoice, etc., password in encrypted form and other data entered by the user upon online store registration or generated during communication between the client and the provider);
  • data on purchased products.

 

3. Your personal data is collected for the following purposes:

  • communication with you regarding the provision of our services and for responding to your inquiries;
    conclusion of contract and fulfillment of obligations arising from a concluded contract;
  • marketing communication (sending e-mails);
  • enforcement of any legal claims and dispute resolution;
  • statistical analyses on our sales of goods and usage of our websites;
  • to process your order for products in the online store or take other steps at your request before entering into a contract;
  • to fulfill your warranty claim for defects;
  • to send notifications about our offers, news, and events (catalogs, news, invitations, questionnaires, surveys, and other publications), which, subject to your consent, can also be processed for the purpose of preparing optimal and customized offer products and services;
  • to ensure network and information security (for example, preventing unauthorized access to electronic communications networks, the spread of malicious code, denial-of-service attacks, and damage to computer and electronic communications systems);
  • to monitor general safety and improvements of the controller's products and services with regard to the protection of public health and the environment;
  • to prepare legal claims or defend against them;
  • to ensure the security of the controller's premises and property.

 

4. Data processing is based on:

  • performance of a contract concluded between you and the controller or steps are taken at your request prior to the conclusion of the contract of Article 6(1)(b) of the GDPR;
  • legal obligation Article 6(1)(c) of the GDPR;
  • your explicit and prior consent, which we will obtain when you provide your personal data to the controller and confirm your consent by ticking the dedicated checkbox or by providing your signature in accordance with Article 6(1)(a) of the GDPR;
  • without explicit and prior consent to the extent and under the conditions for the processing of personal data for the purposes of offering goods or services permitted by law under Article 6(1)(f) of the GDPR;
  • your prior consent under Article 6(1)(a) of the GDPR, which is the performance of marketing activity;
  • our overriding legitimate interest under 6(1)(a) of the GDPR, which is the performance of marketing activity;
  • your prior consent under Article 6(1)(a) of the GDPR;
  • after an assessment has been made that our legitimate interests override the rights of data subjects, we may exceptionally process personal data on the basis of Article 6(1)(f) of the GDPR.

 

5. Personal data storage period


We store basic personal data for an unlimited period as long as you have a status of a registered user on our website or until you withdraw your consent.

 

We will process your personal data until you delete your user account. We reserve the right to delete your user account in case of prolonged inactivity or use of the platform in violation of its terms and conditions of use or provisions of applicable regulations. We will inform you about this in advance, and the data will be deleted within 14 days from the date of deletion of the user account. Despite the deletion of the user account, we can continue to process personal data as long as we have a valid legal basis, such as our overriding legitimate interest.

 

The duration of storage of your personal data may depend on the purpose of data processing, i.e. until the purpose is fulfilled. When data is processed for the purpose of performance of a contract concluded with you, or as a result of your order, request, or inquiry, the data is kept as long as it is necessary for the performance of the contract, the delivery of goods or the provision of services. Contact information may be stored longer for direct marketing purposes to the extent permitted by law.

 

Personal data may be stored even after the purpose of its processing has been fulfilled, until the expiration of the applicable statute of limitations, if further storage is necessary for the processing of legal claims, or longer, if a longer storage period is necessary for the fulfillment of a legal obligation or a decision of a competent authority. Data obtained for the purpose of sending e-news and offers will be stored until you withdraw your consent. After the specified periods, personal data will be anonymized or deleted.

 

6. Freely given data

Personal data is given freely. You are not obligated to provide your personal data; however, if you do not provide your personal data, we cannot conclude a contract (since we need the data for the delivery of your ordered goods).

 

7. Who has access to your personal data

We do not share or give access to your personal data to any third parties (outside company Odeja d.o.o.), except those contractual partners that perform certain services for us regarding data processing, and which are obligated to act in accordance with the legislation governing personal data processing and protection (i.e. contractual processors). Contractual processors that receive personal data from us:

  • marketing services providers;
  • providers for e-mail sending services;
  • providers of software solutions;
  • delivery companies.

Contractual processors can process personal data exclusively in accordance with our instructions and cannot process personal data for their own purposes. Together with their employees, they are obligated to protect the confidentiality of your personal data. All submitted information is therefore protected against any third-party access, allowing users to conduct their business with Odeja d.o.o. without worries or interruptions.

 

8. Privacy Policy validity and use


The provider respects privacy and is obligated to act with due diligence and in accordance with applicable regulations on personal data protection when collecting, storing, and processing personal data. The provider is not liable for the accuracy of data listed by the user upon registration in the online store.
The user also bears responsibility for protecting their personal data, specifically by ensuring the security of their username and password and with appropriate software (antivirus) protection of their computer.
For security purposes, we also collect data IP addresses of users accessing and using the Odeja online store at www.odeja.si.

The Privacy Policy is in effect and is used without exceptions for:

- every user on Odeja d.o.o. website, on first and every subsequent visit; and

- every person that submits their personal data in any form to the company.

The Privacy Policy can be modified or amended without warning or notice, in accordance with statutory provisions in effect at the time. The latest Privacy Policy is published at https://odeja.si/slo/varnost-nakupa.

 

9. Consent

Personal data submitted during an order/subscription to e-news is processed with your clear and unambiguous consent, based on Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR). For the purpose of improving the quality of our products and services, as well as for statistical purposes related to email messages sent, we also process data on received messages opened and clicks on links in received messages.

You give your consent to personal data processing by entering your e-mail address on Odeja.si website on the online order form or in the "Stay in touch" link. You can withdraw your consent at any time by clicking "You can always unsubscribe or change your personal information", located in the footer of every message received from Odeja.si, or by sending an email to novice@odeja.si. In the event of withdrawal of consent, we will no longer use your personal data for notifications on Odeja.si content. A withdrawal of consent has no effect on the legality of consent-based data processing before the withdrawal.

 

10. Your rights related to personal data

You have the following right regarding your data:

  • Confirm whether or not we are processing your data.
  • Access to personal data and the following information: purposes of the processing; categories of personal data; recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organizations; the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; the existence of automated decision-making, including profiling, and reasons as well as the significance and the envisaged consequences of such processing for you.
  • A copy of personal data in the format specified by you (if the request is submitted by electronic means of communication and you do not specify otherwise, the copy is provided in electronic form); for additional copies requested, we can charge a fee for our costs.
  • Correction of incorrect personal data.
  • Limitation of processing in the following cases:
    - You dispute the accuracy of personal data, specifically for the period that allows us to check the accuracy of personal data.
    - Processing is illegal and you oppose the deletion of personal data, and instead request limitation of their use.
    - We no longer need personal data for the purposes of processing, but you need them to enforce, initiate or defend legal claims.
  • Erasure of all personal data (right to be forgotten), if all assumptions of Article 17 of the General Data Protection Regulation are met, and above all in the event of withdrawn consent for personal data processing.
  • Transcript of personal data in a structured, generally used, and machine-readable form, with the right to submit this data to another controller without any interference on our part.
  • Cessation of the use of personal data for the purposes of direct marketing, including profiling.
  • A decision based purely on automated processing, including profiling, does not apply to you if the assumptions of Article 22 of the General Data Protection Regulation are met.
  • The right to file a complaint against us with the information commissioner, if you believe that processing of your personal data violates the General Data Protection Regulation.

 

11. Procedure for exercising your rights

At any time, you can send a written request regarding your rights related to personal data to eprodaja@odeja.si.

For the purposes of reliable identification in the event of exercising rights related to personal data, we can request additional data; we can only refuse to act if we can prove that we cannot reliably identify you.

We are obligated to respond to any request regarding your rights to personal data without undue delay and no later than one month after receiving your request.

This Privacy Policy can be modified or amended at any time, without prior warning or notice. By using this website after a change or amendment, the user gives their consent to such changes and amendments.

 

 

Updated: 6 June 2023